Date:      Wed, 18 Mar 1998 16:26:55 +0000
From:      "Jeff Buseman" <jeff@netronix.com>
To:        freebsd-hackers@FreeBSD.ORG
Cc:        Greg Lehey <grog@lemis.com>
Subject:   Natd Support for Microsoft PPTP / VPN using protocol 47
Message-ID:  <199803190026.QAA17435@shuttle.netronix.com>

   I sent this last week to the questions mailing list, but got 
little response (other than "let me know what you find out").  I'm 
sure someone knows the answer, so I'll try again.  I did get referred 
to a Linux web page that discussed something about the fact that the 
47 protocol doesn't use ports, such that a 1-to-many connection might 
work, but a many-to-many connection probably wouldn't (with their 
software, ipfwd, http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/).
Any ideas?

  I am trying to get a MS VPN set up using the MS PPTP through a
FreeBSD machine set up as a firewall.  It has all the hardware and
software loaded / configured to use NATd, ipfw, and routing to provide
Internet access from the internal 10.* network to the ISP. The MS
Server and Client machines are also loaded / configured.

   My problem is that as I watch the NATd translations (-v), I see
that the TCP traffic (port 1723, per MS Knowledge Base Article
q166288) is translated properly, but the non TCP protocol traffic
(protocol 47) is not, even though the source and destination addresses
are displayed properly.  My NATd command is:

    natd -l -v -i vx0 -redirect_address  10.1.1.30  204.xxx.xxx.91

   I see the following typical messages (from memory, so this may be a
little syntactically messed up):

in  [tcp] 204.xxx.xxx.96:1030  ->  204.xxx.xxx.91:1723  aliased to
              204.xxx.xxx.96:1030  ->  10.1.1.30:1723

in [?]     204.xxx.xxx.96        ->  204.xxx.xxx.91      aliased to   
             204.xxx.xxx.96        ->  204.xxx.xxx.91

    (The out messages are similar, with reversed mapping, of course).

   Anyway, the point is that the unidentified protocol (47) is not
being translated by NATd.  (I checked the packets with a LAN sniffer
and they are protocol 47).

   Finally, my question(s) is this:  Is there some way to make NATd do
the translation on this protocol, or does it only handle TCP and UDP
traffic?   If so, is there some other way to get the MS PPTP in
through the firewall to an unregistered network, or has someone hacked
the NATd code to support MS PPTP?   Or, how is everyone else providing
MS VPN through their firewall (with unregistered internal addresses)?

   Jeff Buseman
   jeff@netronix.com
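The behaviour described in the message (TCP on port 1723 is rewritten, the protocol-47 packets pass through with the original addresses) comes down to what a translator uses as its per-flow key. The following example is added here and is not part of the original message or of natd/libalias; it builds constructed IPv4 packets carrying TCP and PPTP-style GRE (the RFC 2637 "enhanced GRE" header, which carries a 16-bit call ID where TCP and UDP would carry ports), then runs them through a toy inbound redirect that either knows only TCP/UDP or is also GRE-aware. The addresses 198.51.100.91, 203.0.113.96 and 10.1.1.30 and the call-ID values are constructed sample data; the `redirect_inbound` and `flow_key` functions are illustrative and are not natd's own code.

```python
"""Why a TCP/UDP-only NAT leaves PPTP's GRE (IP protocol 47) untouched.

Constructed, self-contained example: minimal IPv4 packets with TCP and
RFC 2637 enhanced-GRE payloads, and a toy inbound redirect table.
This is illustrative code, not natd/libalias.
"""
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
PPTP_GRE_PROTO = 0x880B   # protocol-type value RFC 2637 puts in the GRE header
PPTP_CTRL_PORT = 1723     # TCP control connection (the part natd did translate)


def build_ipv4(proto, src, dst, payload):
    """20-byte IPv4 header with checksum left 0 (sample only, never sent)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_tcp(sport, dport):
    """Only the first four bytes (source/destination port) matter here."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16


def build_pptp_gre(call_id, seq=None):
    """RFC 2637 enhanced GRE: K=1 (key/call-ID present), optional S, version 1."""
    b0 = 0x20 | (0x10 if seq is not None else 0)   # C R K S bits in first byte
    b1 = 0x01                                      # A=0, flags=0, version=1
    hdr = struct.pack("!BBHHH", b0, b1, PPTP_GRE_PROTO, 0, call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    return hdr


def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]


def parse_pptp_gre(data):
    """Return the PPTP call ID: the field that plays the role a port plays for TCP/UDP."""
    b0, b1, proto, _length, call_id = struct.unpack("!BBHHH", data[:8])
    if proto != PPTP_GRE_PROTO or (b1 & 0x07) != 1 or not (b0 & 0x20):
        raise ValueError("not PPTP enhanced GRE")
    return call_id


def flow_key(pkt):
    """Per-flow key a translator would need. TCP/UDP: ports. GRE: call ID only."""
    proto, src, dst, payload = parse_ipv4(pkt)
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack("!HH", payload[:4])
        return (proto, src, sport, dst, dport)
    if proto == IPPROTO_GRE:
        return (proto, src, dst, parse_pptp_gre(payload))
    return (proto, src, dst)            # no sub-address at all for other protocols


def redirect_inbound(pkt, public_ip, private_ip, gre_aware):
    """Toy -redirect_address: rewrite destination public_ip -> private_ip.

    With gre_aware=False, protocol 47 is returned untouched, which matches
    the "aliased to" lines in the message where both sides are identical.
    """
    proto, _src, dst, _payload = parse_ipv4(pkt)
    if dst != public_ip:
        return pkt
    if proto in (IPPROTO_TCP, IPPROTO_UDP) or (gre_aware and proto == IPPROTO_GRE):
        return pkt[:16] + socket.inet_aton(private_ip) + pkt[20:]
    return pkt


def demo():
    public, private, client = "198.51.100.91", "10.1.1.30", "203.0.113.96"  # constructed
    tcp_pkt = build_ipv4(IPPROTO_TCP, client, public, build_tcp(1030, PPTP_CTRL_PORT))
    gre_a = build_ipv4(IPPROTO_GRE, client, public, build_pptp_gre(0x0001, seq=1))
    gre_b = build_ipv4(IPPROTO_GRE, client, public, build_pptp_gre(0x0002, seq=1))
    return {
        "tcp_dst": parse_ipv4(redirect_inbound(tcp_pkt, public, private, False))[2],
        "gre_dst_tcp_udp_only": parse_ipv4(redirect_inbound(gre_a, public, private, False))[2],
        "gre_dst_gre_aware": parse_ipv4(redirect_inbound(gre_a, public, private, True))[2],
        # two tunnels from one client to one server differ only in call ID
        "keys_distinct": flow_key(gre_a) != flow_key(gre_b),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A static one-to-one redirect of protocol 47 to a single inside host needs nothing beyond address rewriting, which is the "1-to-many might work" case from the Linux page the message cites; supporting several inside hosts behind one public address additionally requires a translator that parses and rewrites the call ID, because that is the only demultiplexing field GRE/PPTP offers.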
